Apple RTKit CVE-2024-23296
Severity: HIGH
CVSS Vector (NVD): CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
Description (NVD)
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.6, macOS Sonoma 14.4, macOS Ventura 13.6.7, tvOS 17.4, visionOS 1.1, watchOS 10.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
Analysis (AI)
A kernel memory protection bypass in Apple's RTKit real-time operating system allows an attacker who already holds an arbitrary kernel read/write primitive to defeat kernel hardening mitigations across iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. The flaw is confirmed as actively exploited (listed in CISA KEV) and Apple has acknowledged in-the-wild abuse, making it a critical post-exploitation primitive used in chained attacks despite a modest EPSS score of 0.17%.
Technical Context (AI)
RTKit is Apple's proprietary embedded real-time operating system used across coprocessors and security-critical components in Apple silicon devices. The root cause is classified as CWE-787 (Out-of-bounds Write), a memory corruption class in which insufficient bounds validation allows writes outside the intended buffer boundaries. The fix introduces improved input validation to prevent the corruption that enabled bypassing kernel memory protections such as KTRR (Kernel Text Read-Only Region) and PPL (Page Protection Layer). The CPE data confirms the issue spans the operating system kernels of all major Apple platforms - iOS, iPadOS, macOS (Monterey, Ventura, Sonoma branches), tvOS, visionOS, and watchOS - indicating a shared codebase component.
Remediation (AI)
Vendor-released patches are available: upgrade to iOS 16.7.8 or iPadOS 16.7.8, iOS 17.4 or iPadOS 17.4, macOS Monterey 12.7.6, macOS Ventura 13.6.7, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, or watchOS 10.4, as appropriate for each device. Given confirmed active exploitation per CISA KEV, prioritize this update across managed device fleets and enforce it via MDM. Federal agencies are obligated by CISA BOD 22-01 to remediate within the KEV-specified deadline. Apple documents no workarounds; for devices that cannot be patched immediately, consider enabling Lockdown Mode on supported iOS/macOS versions to reduce the kernel attack surface - note that this disables several features, including some message attachments, web technologies, and configuration profiles.